Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / iptables / b73691f9e67149deefbc2d2115d66dfc62264333 / . / extensions / libxt_connbytes.c
blob: 1a3cf6e42ce51f7f1e41b766257162802dfd6465 [file] [log] [blame]
Martin Devera766113a2003-06-19 12:23:37 +0000[diff] [blame]1/* Shared library add-on to iptables to add byte tracking support. */
2#include <stdio.h>
3#include <netdb.h>
4#include <string.h>
5#include <stdlib.h>
6#include <getopt.h>
Yasuyuki KOZAKAI6aac5002007-08-04 08:25:43 +0000[diff] [blame]7#include <xtables.h>
Patrick McHardy40d54752007-04-18 07:00:36 +0000[diff] [blame]8#include <linux/netfilter/nf_conntrack_common.h>
Yasuyuki KOZAKAI6aac5002007-08-04 08:25:43 +0000[diff] [blame]9#include <linux/netfilter/xt_connbytes.h>
Martin Devera766113a2003-06-19 12:23:37 +0000[diff] [blame]10
11/* Function which prints out usage message. */
12static void
13help(void)
14{
15 printf(
16"connbytes v%s options:\n"
17" [!] --connbytes from:[to]\n"
Harald Welte93f4a3d2004-11-18 22:50:01 +0000[diff] [blame]18" --connbytes-dir [original, reply, both]\n"
19" --connbytes-mode [packets, bytes, avgpkt]\n"
Martin Devera766113a2003-06-19 12:23:37 +0000[diff] [blame]20"\n", IPTABLES_VERSION);
21}
22
Jan Engelhardt661f1122007-07-30 14:46:51 +0000[diff] [blame]23static const struct option opts[] = {
Martin Devera766113a2003-06-19 12:23:37 +0000[diff] [blame]24 { "connbytes", 1, 0, '1' },
Harald Welte93f4a3d2004-11-18 22:50:01 +0000[diff] [blame]25 { "connbytes-dir", 1, 0, '2' },
26 { "connbytes-mode", 1, 0, '3' },
Martin Devera766113a2003-06-19 12:23:37 +0000[diff] [blame]27 {0}
28};
29
Martin Devera766113a2003-06-19 12:23:37 +0000[diff] [blame]30static void
Yasuyuki KOZAKAI6aac5002007-08-04 08:25:43 +0000[diff] [blame]31parse_range(const char *arg, struct xt_connbytes_info *si)
Martin Devera766113a2003-06-19 12:23:37 +0000[diff] [blame]32{
33 char *colon,*p;
34
Harald Welte7dc57e22004-11-18 22:59:36 +0000[diff] [blame]35 si->count.from = strtoul(arg,&colon,10);
Martin Devera766113a2003-06-19 12:23:37 +0000[diff] [blame]36 if (*colon != ':')
37 exit_error(PARAMETER_PROBLEM, "Bad range `%s'", arg);
Harald Welte7dc57e22004-11-18 22:59:36 +0000[diff] [blame]38 si->count.to = strtoul(colon+1,&p,10);
Martin Devera766113a2003-06-19 12:23:37 +0000[diff] [blame]39 if (p == colon+1) {
40 /* second number omited */
Harald Welte7dc57e22004-11-18 22:59:36 +0000[diff] [blame]41 si->count.to = 0xffffffff;
Martin Devera766113a2003-06-19 12:23:37 +0000[diff] [blame]42 }
Harald Welte7dc57e22004-11-18 22:59:36 +0000[diff] [blame]43 if (si->count.from > si->count.to)
44 exit_error(PARAMETER_PROBLEM, "%llu should be less than %llu",
45 si->count.from, si->count.to);
Martin Devera766113a2003-06-19 12:23:37 +0000[diff] [blame]46}
47
48/* Function which parses command options; returns true if it
49 ate an option */
50static int
51parse(int c, char **argv, int invert, unsigned int *flags,
Yasuyuki KOZAKAIc0a9ab92007-07-24 06:02:05 +0000[diff] [blame]52 const void *entry,
Yasuyuki KOZAKAI193df8e2007-07-24 05:57:28 +0000[diff] [blame]53 struct xt_entry_match **match)
Martin Devera766113a2003-06-19 12:23:37 +0000[diff] [blame]54{
Yasuyuki KOZAKAI6aac5002007-08-04 08:25:43 +0000[diff] [blame]55 struct xt_connbytes_info *sinfo = (struct xt_connbytes_info *)(*match)->data;
Martin Josefsson11460882004-05-08 14:02:36 +0000[diff] [blame]56 unsigned long i;
Martin Devera766113a2003-06-19 12:23:37 +0000[diff] [blame]57
58 switch (c) {
59 case '1':
Harald Welte7dc57e22004-11-18 22:59:36 +0000[diff] [blame]60 if (check_inverse(optarg, &invert, &optind, 0))
Martin Devera766113a2003-06-19 12:23:37 +0000[diff] [blame]61 optind++;
62
63 parse_range(argv[optind-1], sinfo);
64 if (invert) {
Harald Welte93f4a3d2004-11-18 22:50:01 +0000[diff] [blame]65 i = sinfo->count.from;
Harald Welte7dc57e22004-11-18 22:59:36 +0000[diff] [blame]66 sinfo->count.from = sinfo->count.to;
Harald Welte93f4a3d2004-11-18 22:50:01 +0000[diff] [blame]67 sinfo->count.to = i;
Martin Devera766113a2003-06-19 12:23:37 +0000[diff] [blame]68 }
Harald Welte93f4a3d2004-11-18 22:50:01 +0000[diff] [blame]69 *flags |= 1;
Martin Devera766113a2003-06-19 12:23:37 +0000[diff] [blame]70 break;
Harald Welte93f4a3d2004-11-18 22:50:01 +0000[diff] [blame]71 case '2':
72 if (!strcmp(optarg, "original"))
Yasuyuki KOZAKAI6aac5002007-08-04 08:25:43 +0000[diff] [blame]73 sinfo->direction = XT_CONNBYTES_DIR_ORIGINAL;
Harald Welte93f4a3d2004-11-18 22:50:01 +0000[diff] [blame]74 else if (!strcmp(optarg, "reply"))
Yasuyuki KOZAKAI6aac5002007-08-04 08:25:43 +0000[diff] [blame]75 sinfo->direction = XT_CONNBYTES_DIR_REPLY;
Harald Welte93f4a3d2004-11-18 22:50:01 +0000[diff] [blame]76 else if (!strcmp(optarg, "both"))
Yasuyuki KOZAKAI6aac5002007-08-04 08:25:43 +0000[diff] [blame]77 sinfo->direction = XT_CONNBYTES_DIR_BOTH;
Harald Welte93f4a3d2004-11-18 22:50:01 +0000[diff] [blame]78 else
79 exit_error(PARAMETER_PROBLEM,
80 "Unknown --connbytes-dir `%s'", optarg);
Martin Devera766113a2003-06-19 12:23:37 +0000[diff] [blame]81
Harald Welte93f4a3d2004-11-18 22:50:01 +0000[diff] [blame]82 *flags |= 2;
83 break;
84 case '3':
Harald Welte7dc57e22004-11-18 22:59:36 +0000[diff] [blame]85 if (!strcmp(optarg, "packets"))
Yasuyuki KOZAKAI6aac5002007-08-04 08:25:43 +0000[diff] [blame]86 sinfo->what = XT_CONNBYTES_PKTS;
Harald Welte93f4a3d2004-11-18 22:50:01 +0000[diff] [blame]87 else if (!strcmp(optarg, "bytes"))
Yasuyuki KOZAKAI6aac5002007-08-04 08:25:43 +0000[diff] [blame]88 sinfo->what = XT_CONNBYTES_BYTES;
Harald Welte93f4a3d2004-11-18 22:50:01 +0000[diff] [blame]89 else if (!strcmp(optarg, "avgpkt"))
Yasuyuki KOZAKAI6aac5002007-08-04 08:25:43 +0000[diff] [blame]90 sinfo->what = XT_CONNBYTES_AVGPKT;
Harald Welte93f4a3d2004-11-18 22:50:01 +0000[diff] [blame]91 else
92 exit_error(PARAMETER_PROBLEM,
93 "Unknown --connbytes-mode `%s'", optarg);
94 *flags |= 4;
Piotrek Kaczmarek1c0f2362005-04-24 16:19:51 +0000[diff] [blame]95 break;
Martin Devera766113a2003-06-19 12:23:37 +0000[diff] [blame]96 default:
97 return 0;
98 }
99
100 return 1;
101}
102
103static void final_check(unsigned int flags)
104{
Harald Welte93f4a3d2004-11-18 22:50:01 +0000[diff] [blame]105 if (flags != 7)
106 exit_error(PARAMETER_PROBLEM, "You must specify `--connbytes'"
Harald Welte402c3112005-12-05 12:08:03 +0000[diff] [blame]107 "`--connbytes-dir' and `--connbytes-mode'");
Harald Welte93f4a3d2004-11-18 22:50:01 +0000[diff] [blame]108}
109
Yasuyuki KOZAKAI6aac5002007-08-04 08:25:43 +0000[diff] [blame]110static void print_mode(struct xt_connbytes_info *sinfo)
Harald Welte93f4a3d2004-11-18 22:50:01 +0000[diff] [blame]111{
112 switch (sinfo->what) {
Yasuyuki KOZAKAI6aac5002007-08-04 08:25:43 +0000[diff] [blame]113 case XT_CONNBYTES_PKTS:
Harald Welte93f4a3d2004-11-18 22:50:01 +0000[diff] [blame]114 fputs("packets ", stdout);
115 break;
Yasuyuki KOZAKAI6aac5002007-08-04 08:25:43 +0000[diff] [blame]116 case XT_CONNBYTES_BYTES:
Harald Welte93f4a3d2004-11-18 22:50:01 +0000[diff] [blame]117 fputs("bytes ", stdout);
118 break;
Yasuyuki KOZAKAI6aac5002007-08-04 08:25:43 +0000[diff] [blame]119 case XT_CONNBYTES_AVGPKT:
Harald Welte93f4a3d2004-11-18 22:50:01 +0000[diff] [blame]120 fputs("avgpkt ", stdout);
121 break;
Harald Welte7dc57e22004-11-18 22:59:36 +0000[diff] [blame]122 default:
Harald Welte93f4a3d2004-11-18 22:50:01 +0000[diff] [blame]123 fputs("unknown ", stdout);
Harald Welte7dc57e22004-11-18 22:59:36 +0000[diff] [blame]124 break;
Harald Welte93f4a3d2004-11-18 22:50:01 +0000[diff] [blame]125 }
126}
127
Yasuyuki KOZAKAI6aac5002007-08-04 08:25:43 +0000[diff] [blame]128static void print_direction(struct xt_connbytes_info *sinfo)
Harald Welte93f4a3d2004-11-18 22:50:01 +0000[diff] [blame]129{
130 switch (sinfo->direction) {
Yasuyuki KOZAKAI6aac5002007-08-04 08:25:43 +0000[diff] [blame]131 case XT_CONNBYTES_DIR_ORIGINAL:
Harald Welte7dc57e22004-11-18 22:59:36 +0000[diff] [blame]132 fputs("original ", stdout);
Harald Welte93f4a3d2004-11-18 22:50:01 +0000[diff] [blame]133 break;
Yasuyuki KOZAKAI6aac5002007-08-04 08:25:43 +0000[diff] [blame]134 case XT_CONNBYTES_DIR_REPLY:
Harald Welte7dc57e22004-11-18 22:59:36 +0000[diff] [blame]135 fputs("reply ", stdout);
Harald Welte93f4a3d2004-11-18 22:50:01 +0000[diff] [blame]136 break;
Yasuyuki KOZAKAI6aac5002007-08-04 08:25:43 +0000[diff] [blame]137 case XT_CONNBYTES_DIR_BOTH:
Harald Welte7dc57e22004-11-18 22:59:36 +0000[diff] [blame]138 fputs("both ", stdout);
139 break;
140 default:
141 fputs("unknown ", stdout);
Harald Welte93f4a3d2004-11-18 22:50:01 +0000[diff] [blame]142 break;
143 }
Martin Devera766113a2003-06-19 12:23:37 +0000[diff] [blame]144}
145
146/* Prints out the matchinfo. */
147static void
Yasuyuki KOZAKAIc0a9ab92007-07-24 06:02:05 +0000[diff] [blame]148print(const void *ip,
Yasuyuki KOZAKAI193df8e2007-07-24 05:57:28 +0000[diff] [blame]149 const struct xt_entry_match *match,
Martin Devera766113a2003-06-19 12:23:37 +0000[diff] [blame]150 int numeric)
151{
Yasuyuki KOZAKAI6aac5002007-08-04 08:25:43 +0000[diff] [blame]152 struct xt_connbytes_info *sinfo = (struct xt_connbytes_info *)match->data;
Martin Devera766113a2003-06-19 12:23:37 +0000[diff] [blame]153
Harald Welte7dc57e22004-11-18 22:59:36 +0000[diff] [blame]154 if (sinfo->count.from > sinfo->count.to)
155 printf("connbytes ! %llu:%llu ", sinfo->count.to,
156 sinfo->count.from);
Martin Devera766113a2003-06-19 12:23:37 +0000[diff] [blame]157 else
Harald Welte7dc57e22004-11-18 22:59:36 +0000[diff] [blame]158 printf("connbytes %llu:%llu ",sinfo->count.from,
159 sinfo->count.to);
Harald Welte93f4a3d2004-11-18 22:50:01 +0000[diff] [blame]160
161 fputs("connbytes mode ", stdout);
162 print_mode(sinfo);
163
164 fputs("connbytes direction ", stdout);
165 print_direction(sinfo);
Martin Devera766113a2003-06-19 12:23:37 +0000[diff] [blame]166}
167
168/* Saves the matchinfo in parsable form to stdout. */
Yasuyuki KOZAKAIc0a9ab92007-07-24 06:02:05 +0000[diff] [blame]169static void save(const void *ip, const struct xt_entry_match *match)
Martin Devera766113a2003-06-19 12:23:37 +0000[diff] [blame]170{
Yasuyuki KOZAKAI6aac5002007-08-04 08:25:43 +0000[diff] [blame]171 struct xt_connbytes_info *sinfo = (struct xt_connbytes_info *)match->data;
Martin Devera766113a2003-06-19 12:23:37 +0000[diff] [blame]172
Harald Welte93f4a3d2004-11-18 22:50:01 +0000[diff] [blame]173 if (sinfo->count.from > sinfo->count.to)
Harald Welte7dc57e22004-11-18 22:59:36 +0000[diff] [blame]174 printf("! --connbytes %llu:%llu ", sinfo->count.to,
Harald Welte93f4a3d2004-11-18 22:50:01 +0000[diff] [blame]175 sinfo->count.from);
Martin Devera766113a2003-06-19 12:23:37 +0000[diff] [blame]176 else
Harald Welte7dc57e22004-11-18 22:59:36 +0000[diff] [blame]177 printf("--connbytes %llu:%llu ", sinfo->count.from,
Harald Welte93f4a3d2004-11-18 22:50:01 +0000[diff] [blame]178 sinfo->count.to);
179
180 fputs("--connbytes-mode ", stdout);
181 print_mode(sinfo);
182
Harald Welte402c3112005-12-05 12:08:03 +0000[diff] [blame]183 fputs("--connbytes-dir ", stdout);
Harald Welte93f4a3d2004-11-18 22:50:01 +0000[diff] [blame]184 print_direction(sinfo);
Martin Devera766113a2003-06-19 12:23:37 +0000[diff] [blame]185}
186
Yasuyuki KOZAKAI6aac5002007-08-04 08:25:43 +0000[diff] [blame]187static struct xtables_match state = {
188 .family = AF_INET,
Pablo Neira8caee8b2004-12-28 13:11:59 +0000[diff] [blame]189 .name = "connbytes",
190 .version = IPTABLES_VERSION,
Yasuyuki KOZAKAI6aac5002007-08-04 08:25:43 +0000[diff] [blame]191 .size = XT_ALIGN(sizeof(struct xt_connbytes_info)),
192 .userspacesize = XT_ALIGN(sizeof(struct xt_connbytes_info)),
193 .help = &help,
194 .parse = &parse,
195 .final_check = &final_check,
196 .print = &print,
197 .save = &save,
198 .extra_opts = opts
199};
200
201static struct xtables_match state6 = {
202 .family = AF_INET6,
203 .name = "connbytes",
204 .version = IPTABLES_VERSION,
205 .size = XT_ALIGN(sizeof(struct xt_connbytes_info)),
206 .userspacesize = XT_ALIGN(sizeof(struct xt_connbytes_info)),
Pablo Neira8caee8b2004-12-28 13:11:59 +0000[diff] [blame]207 .help = &help,
Pablo Neira8caee8b2004-12-28 13:11:59 +0000[diff] [blame]208 .parse = &parse,
209 .final_check = &final_check,
210 .print = &print,
211 .save = &save,
212 .extra_opts = opts
Martin Devera766113a2003-06-19 12:23:37 +0000[diff] [blame]213};
214
215void _init(void)
216{
Yasuyuki KOZAKAI6aac5002007-08-04 08:25:43 +0000[diff] [blame]217 xtables_register_match(&state);
218 xtables_register_match(&state6);
Martin Devera766113a2003-06-19 12:23:37 +0000[diff] [blame]219}